Benzinga - by Rounak Jain, Benzinga Staff Writer.
In a recent revelation, security researchers have uncovered multiple security vulnerabilities in OpenAI's ChatGPT that could potentially lead to account takeovers of unwitting users.
What Happened: According to a report from Imperva on Tuesday, researchers identified two cross-site scripting (XSS) vulnerabilities and other security issues in ChatGPT. Malicious hackers could exploit these vulnerabilities to hijack a user’s account.
ChatGPT allows users to upload files and query them. The research firm found that the feature that processes these files and provides a clickable citation icon could be manipulated. Depending on the contents of the uploaded file, this file-handling feature could pose a security threat.
However, exploiting this vulnerability is not straightforward. It requires the user to upload a harmful file, engage with ChatGPT in a way that prompts it to quote from this file, and then click the citation to trigger the vulnerability.
The research firm reported these vulnerabilities to OpenAI and noted that they were fixed by the AI startup "within hours."
Why It Matters: This discovery comes in the wake of increasing concerns about using AI tools like ChatGPT in cyberattacks.
Earlier in February, Microsoft Corp. (NASDAQ:MSFT) and OpenAI revealed that hackers used large language models like ChatGPT to refine their cyberattacks. Notably, hackers from countries like Russia, North Korea, Iran, and China were found to be using tools like ChatGPT to research targets, improve scripts, and help build social engineering techniques.
OpenAI had previously launched a $20K Bug Bounty Initiative to encourage users to find flaws in its AI systems. The recent discovery of vulnerabilities in ChatGPT underscores the importance of such initiatives in ensuring the security of AI systems.
Disclaimer: This content was partially produced with the help of Benzinga Neuro and was reviewed and published by Benzinga editors.
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.